OPS335 Lab 2b
Revision as of 16:05, 28 January 2016 by Andrew (Created page with 'We'll use this lab to get more practice with iptables. = iptables troubleshooting procedure = By now you've probably figured out that a simple mistake in your iptables rules ca…')
We'll use this lab to get more practice with iptables.
iptables troubleshooting procedure
By now you've probably figured out that a simple mistake in your iptables rules can have very serious and unexpected consequences. There's a process you can follow to figure out what's wrong.
- First figure out if you network is set up correctly. You can use the steps in lab 1 as a guide, but keep in mind the firewall may be blocking pings and DNS requests.
- See if the service you're trying to connect to is actually running. You should learn to read the output of netstat -atnp and netstat -aunp to complement the systemctl status command.
- If you have no idea what's going on and need to confirm that you're still sane - clear all the iptables rules and check your configuration then. Keep in mind that the iptables -F command will delete all your rules but will not set the deafult policies to ACCEPT. This will tell you for sure whether your problem was (or was not) caused by iptables.
- If you do this - have a ready way to restore the rules you just deleted. Restarting the iptables service is usually a good start and a script to add your custom rules is a reasonable next step.
- Follow a packet's path as you understand it should follow. Keep in mind the diagram from the lecture last week. What chain applies first on which machine? What's the first rule that matches the packet? What happens if no rules match the packet?
- Don't forget that even if you're tracing the path of outgoing traffic - the INPUT chain on your mahchine still applies (for the response that comes back to your request).
- At this point you should be able to understand any iptables rules you'll see in this course, including the default ones in CentOS. If you see a rule you don't understand - you can delete it and see what happens. But if you do that - make sure you then understand what that rule did and why you needed to delete it. It was likely there for a good reason.